We first introduce temporal logic as a tool for reasoning about sequences of states. Models
of concurrent programs based both on transition graphs and on linear-text representations are
presented, and the notions of concurrent and fair executions are defined.


The general temporal language is then specialized to reason about those execution sequences
that are fair computations of a concurrent program. Subsequently, the language is used to describe
properties of concurrent programs.


The set of interesting properties is classified into invariance (safety), eventuality (liveness),
and precedence (until) properties. Among the properties studied are: partial correctness, global
invariance, clean behavior, mutual exclusion, absence of deadlock, termination, total correctness,
intermittent assertions, accessibility, responsiveness, safe liveness, absence of unsolicited response,
fair responsiveness, and precedence.

b) Verification of Concurrent Programs: Temporal Proof Principles ([2]).

Here, we present temporal proof methods for establishing properties of concurrent programs.
We consider three classes of properties: invariances, eventualities (liveness properties) and precedence
(until properties).


The proof principle for establishing invariance properties is based on computational induction,
and is a generalization of the inductive assertions method. For a restricted class of programs we
present an algorithm for the automatic derivation of invariant assertions.


In order to establish eventuality properties we present several principles which translate the
structure of the program into basic temporal statements about its behavior. These principles can
be viewed as providing the temporal semantics of the program. The basic statements thus derived
are then combined into temporal proofs for the establishment of eventuality properties. This method
generalizes the method of intermittent assertions.


An until property is shown to be essentially a combination of a conditional invariance and an
eventuality. Consequently, the proof method for establishing an until property is a generalization
of the method for establishing eventualities.


All the methods are applied to examples.
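The property classes of ([1]) and the proof principles of ([2]) can be exercised on a small transition-graph model. The following Python program is an added example, not code from the report: it encodes an assumed two-process semaphore program as a transition graph, checks mutual exclusion by computational induction (showing that the bare property is not inductive while a strengthened assertion is), and checks the accessibility eventuality by searching for a fair cycle under weak and under strong fairness. The program, its state encoding and all function names are assumptions of this example.

```python
"""Added example (not from the report): explicit-state checks of an
invariance and an eventuality property of an assumed two-process
semaphore program, under weak and strong fairness."""
from itertools import product

# Assumed program: each process cycles through four locations.
#   0: non-critical    1: request (wait until y == 1, then y := 0)
#   2: critical        3: release (y := 1)
# A state is (pc1, pc2, y); y is the binary semaphore, initially 1.
INIT = (0, 0, 1)
PROCS = (0, 1)


def step(pc, y):
    """Local move of one process at location pc: (pc', y'), or None if disabled."""
    if pc == 1:
        return (2, 0) if y == 1 else None
    if pc == 3:
        return (0, 1)
    return ((pc + 1) % 4, y)


def enabled(state, p):
    return step(state[p], state[2]) is not None


def successors(state):
    """Interleaving semantics: yield (process, next_state) for each enabled move."""
    pc1, pc2, y = state
    for p in PROCS:
        move = step(state[p], y)
        if move is not None:
            pc, y2 = move
            yield p, ((pc, pc2, y2) if p == 0 else (pc1, pc, y2))


def reachable(init=INIT):
    seen, todo = {init}, [init]
    while todo:
        for _, t in successors(todo.pop()):
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return seen


# --- invariance: computational induction (inductive assertions method) ------
def is_inductive(inv):
    """inv holds initially, and every transition from ANY state satisfying
    inv (reachable or not) leads to a state satisfying inv."""
    states = product(range(4), range(4), (0, 1))
    return inv(INIT) and all(inv(t) for s in states if inv(s)
                             for _, t in successors(s))


def implies(a, b):
    return all(b(s) for s in product(range(4), range(4), (0, 1)) if a(s))


def mutex(s):
    return not (s[0] == 2 and s[1] == 2)


def inv_semaphore(s):
    """Strengthened assertion: y + number of processes at 2 or 3 equals 1."""
    return s[2] + (s[0] in (2, 3)) + (s[1] in (2, 3)) == 1


# --- eventuality: search for a fair cycle that never leaves a bad region -----
def sccs(nodes):
    """Strongly connected components of the graph restricted to `nodes` that
    contain a cycle (the state space is tiny, so mutual reachability is used)."""
    reach = {}
    for u in nodes:
        seen, todo = set(), [u]
        while todo:
            for _, t in successors(todo.pop()):
                if t in nodes and t not in seen:
                    seen.add(t)
                    todo.append(t)
        reach[u] = seen
    comps, done = [], set()
    for u in nodes:
        if u in done or u not in reach[u]:
            continue
        comp = frozenset(v for v in nodes if v in reach[u] and u in reach[v])
        comps.append(comp)
        done.update(comp)
    return comps


def has_fair_cycle(nodes, strong):
    """True iff some infinite execution stays inside `nodes` and is fair.
    Weak fairness: a process enabled in every state of the cycle is taken.
    Strong fairness: a process enabled in some state of the cycle is taken."""
    for comp in sccs(nodes):
        taken = {p for s in comp for p, t in successors(s) if t in comp}
        quantify = any if strong else all
        starved = [p for p in PROCS if p not in taken
                   and quantify(enabled(s, p) for s in comp)]
        if not starved:
            return True
        if strong:  # retry without the states that keep a starved process enabled
            keep = frozenset(s for s in comp
                             if not any(enabled(s, p) for p in starved))
            if has_fair_cycle(keep, strong):
                return True
    return False


def accessibility(strong):
    """Whenever process 1 is at its request location it eventually enters the
    critical section, in every weakly (strong=False) or strongly fair computation."""
    waiting = frozenset(s for s in reachable() if s[0] == 1)
    return not has_fair_cycle(waiting, strong)
```

Calling is_inductive(mutex) returns False: from the unreachable state in which process 2 is critical while y is still 1, process 1 may enter too, so mutual exclusion alone is not preserved and the inductive assertions method needs the strengthened invariant inv_semaphore, which is inductive and implies mutex. Calling accessibility(strong=False) returns False while accessibility(strong=True) returns True: the semaphore model has a weakly fair computation in which process 2 repeatedly takes the semaphore and starves process 1, so this eventuality depends on which fairness notion the execution model adopts.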


c) Verification of Sequential Programs: Temporal Axiomatization ([3]).


Earlier, we introduced temporal logic as a tool for reasoning about concurrent programs and
specifying their properties ([1]) and presented proof principles for establishing these properties ([2]).
Here, we restrict ourselves to deterministic, sequential programs. We present a proof system in
which properties of such programs, expressed as temporal formulas, can be proved formally.
Our proof system consists of three parts: a general part elaborating the properties of temporal
logic, a domain part giving an axiomatic description of the data domain, and a program part giving
an axiomatic description of the program under consideration.


We illustrate the use of the proof system by giving two alternative formal proofs of the total
correctness of a simple program.

d) Synthesis of Communicating Processes from Temporal Specifications ([4]).

We apply Propositional Temporal Logic (PTL) to the specification and synthesis of the
synchronization part of communicating processes. To specify a process, we give a PTL formula that
describes its sequence of communications. The synthesis is done by constructing a model of the
given specifications using a tableau-like satisfiability algorithm for PTL. This model can then be
interpreted as a program.


e) Deductive Synthesis of the Unification Algorithm ([5]).


The deductive approach is a formal program construction method in which the derivation
of a program from a given specification is regarded as a theorem-proving task. To construct a
program whose output satisfies the conditions of the specification, we prove a theorem stating the
existence of such an output. The proof is restricted to be sufficiently constructive so that a program
computing the desired output can be extracted directly from the proof. The program we obtain
is applicative and may consist of several mutually recursive procedures. The proof constitutes a
demonstration of the correctness of this program.


To exhibit the full power of the deductive approach, we apply it to a nontrivial example:
the synthesis of a unification algorithm. Unification is the process of finding a common instance
of two expressions. Algorithms to perform unification have been central to many theorem-proving
systems and to some programming-language processors.

The task of deriving a unification algorithm automatically is beyond the power of existing
program synthesis systems. In this paper we use the deductive approach to derive an algorithm from
a simple, high-level specification of the unification task. We identify some of the capabilities
required of a theorem-proving system to perform this derivation automatically.
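To make concrete what the synthesized program must compute, the following Python code is an added example, written directly rather than derived from a specification, and it is not the algorithm of ([5]): it unifies two first-order terms, returning a most general unifier and the resulting common instance. It includes the occurs check, whose omission lets a variable unify with a term containing it and yields a cyclic term on which later traversals do not terminate. The term syntax, the `?`-prefixed variable convention and the function names are assumptions of this example.

```python
"""Added example (not the report's derived algorithm): first-order
unification with an occurs check, plus a small term parser."""
import re

# Term representation (an assumption of this example): a variable is a
# string beginning with '?'; any other term is a tuple (functor, *args),
# so the constant a is ('a',) and f(?x, a) is ('f', '?x', ('a',)).
TOKEN = re.compile(r"\s*(\?\w+|\w+|[(),])")


def parse(text):
    """Parse 'f(?x, g(?y))' into the tuple representation."""
    toks, pos = TOKEN.findall(text), 0

    def term():
        nonlocal pos
        tok = toks[pos]
        pos += 1
        if tok.startswith("?"):
            return tok
        args = []
        if pos < len(toks) and toks[pos] == "(":
            pos += 1
            while True:
                args.append(term())
                sep = toks[pos]
                pos += 1
                if sep == ")":
                    break
                if sep != ",":
                    raise ValueError(f"expected ',' or ')' but got {sep!r}")
        return (tok,) + tuple(args)

    result = term()
    if pos != len(toks):
        raise ValueError("trailing input")
    return result


def is_var(t):
    return isinstance(t, str)


def show(t):
    """Render a term back to the textual syntax accepted by parse()."""
    if is_var(t):
        return t
    return t[0] if len(t) == 1 else f"{t[0]}({', '.join(show(a) for a in t[1:])})"


def walk(t, subst):
    """Follow variable bindings until a non-variable or an unbound variable."""
    while is_var(t) and t in subst:
        t = subst[t]
    return t


def occurs(v, t, subst):
    """Occurs check: does variable v appear in t under subst?  Without it,
    ?x would unify with f(?x), producing a cyclic term."""
    t = walk(t, subst)
    if t == v:
        return True
    return not is_var(t) and any(occurs(v, a, subst) for a in t[1:])


def unify(s, t, subst=None):
    """Return a most general unifier of s and t extending subst, or None."""
    subst = {} if subst is None else dict(subst)
    stack = [(s, t)]
    while stack:
        a, b = stack.pop()
        a, b = walk(a, subst), walk(b, subst)
        if a == b:
            continue
        if is_var(b) and not is_var(a):
            a, b = b, a  # bind the variable side
        if is_var(a):
            if occurs(a, b, subst):
                return None  # would build a cyclic term
            subst[a] = b
        elif a[0] != b[0] or len(a) != len(b):
            return None  # functor or arity clash
        else:
            stack.extend(zip(a[1:], b[1:]))
    return subst


def instantiate(t, subst):
    """Apply subst fully: the common instance of the unified terms."""
    t = walk(t, subst)
    if is_var(t):
        return t
    return (t[0],) + tuple(instantiate(a, subst) for a in t[1:])


def common_instance(left, right):
    """Unify two terms given as strings; return their common instance or None."""
    s, t = parse(left), parse(right)
    mgu = unify(s, t)
    return None if mgu is None else show(instantiate(s, mgu))
```

For example, common_instance("f(?x, g(?y), ?x)", "f(a, g(?z), ?z)") returns "f(a, g(a), a)", while common_instance("f(?x, ?x)", "f(?y, g(?y))") returns None because binding ?x to g(?y) and then ?y to ?x would require ?y to contain itself; that second case is exactly the one a unifier without the occurs check gets wrong.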

f) Special Relations in Program Synthetic Deduction ([6]).

Program synthesis is the automated derivation of a computer program from a given
specification. In the deductive approach, the synthesis of a program is regarded as a theorem-proving
problem; the desired program is constructed as a by-product of the proof. This paper presents
a formal deduction system for program synthesis, with special features for handling equality, the
equivalence connective, and ordering relations.

In proving theorems involving the equivalence connective, it is awkward to remove all the
quantifiers before attempting the proof. The system therefore deals with partially skolemized
sentences, in which some of the quantifiers may be left in place. A rule is provided for removing
individual quantifiers when required after the proof is under way.

The system is also nonclausal, i.e., the theorem does not need to be put into conjunctive
normal form. The equivalence, implication, and other connectives may be left intact.